package com.hxy.controller;

import org.springframework.security.access.annotation.Secured;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;

@RestController
@RequestMapping("secured")
public class SecuredController {

    @RequestMapping("m1")
    public String m1(){
        return "m1";
    }

    // 角色为ROLE_ADMIN的用户可以访问该资源
    @Secured("ROLE_ADMIN")
    @RequestMapping("m2")
    public String m2(){
        return "m2";
    }

    @Secured("ROLE_TEST")
    @RequestMapping("m3")
    public String m3(){
        return "m3";
    }

    @Secured(value = {"ROLE_ADMIN","ROLE_TEST"})
    @RequestMapping("m4")
    public String m4(){
        return "m4";
    }

    // 必须是ROLE_开头的
    @Secured(value = {"select"})
    @RequestMapping("m5")
    public String m5(){
        return "m5";
    }

}
